TLS handshake timeout to https://api.crowdsec.net/

pedrobuffon · May 29, 2026, 12:58pm

i had to recreate my docker volumes, when crowdsec docker was creating the files i notice some weird behavior when it came to connecting to the https://api.crowdsec.net/, online_api_credentials.yaml was not being auto filled.

Doing a traceroute api.crowdsec.net -4 it gave me:

traceroute to api.crowdsec.net (52.18.68.74), 30 hops max, 60 byte packets
 1  mikrotik.buffon.cloud (10.84.181.1)  0.225 ms  0.267 ms  0.310 ms
 2  10.255.255.253 (10.255.255.253)  1.906 ms  1.930 ms  1.942 ms
 3  192.168.156.1 (192.168.156.1)  4.377 ms  4.805 ms  5.203 ms
 4  192.168.156.221 (192.168.156.221)  2.695 ms  2.738 ms  2.878 ms
 5  172.29.40.46 (172.29.40.46)  3.153 ms  3.121 ms  3.151 ms
 6  192.168.156.226 (192.168.156.226)  1.930 ms  1.244 ms  1.249 ms
 7  255-055-isp.pae-rs-br.adyl.net.br (189.14.239.25)  3.969 ms  5.579 ms  5.853 ms
 8  255-100-edge.sp4-sp-br.adyl.net.br (189.14.239.10)  36.136 ms  36.009 ms  35.753 ms
 9  decix1.amazon.com (80.81.194.152)  172.054 ms  172.056 ms  171.988 ms
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

and the ipv6:

traceroute to api.crowdsec.net (2a05:d018:19bb:ea02:d1e7:50d5:1c07:cb5a), 30 hops max, 80 byte packets
 1  2804:10fc:200:e100::1 (2804:10fc:200:e100::1)  0.241 ms  0.431 ms  0.508 ms
 2  fd01:2804:10fc:aabb:cafe::2 (fd01:2804:10fc:aabb:cafe::2)  1.714 ms  1.717 ms  1.721 ms
 3  fd01:2804:10fc:aabb:cafe::1 (fd01:2804:10fc:aabb:cafe::1)  4.230 ms  4.760 ms  5.267 ms
 4  fd01:2804:10fc:aaaa:cafe::1 (fd01:2804:10fc:aaaa:cafe::1)  3.101 ms  3.308 ms  3.470 ms
 5  fd00:2804:10fc:b0b0:ffff:a021:0:2 (fd00:2804:10fc:b0b0:ffff:a021:0:2)  2.824 ms  2.742 ms  2.879 ms
 6  2804:10fc:ff99:cafe:cafe::6 (2804:10fc:ff99:cafe:cafe::6)  9.270 ms  3.031 ms  7.092 ms
 7  2804:10fc:b0b0:baba:ffff:a024:0:9 (2804:10fc:b0b0:baba:ffff:a024:0:9)  18.876 ms  18.923 ms  18.274 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  2620:107:4000:b012::f001:6441 (2620:107:4000:b012::f001:6441)  203.046 ms 2620:107:4000:b012::f001:6444 (2620:107:4000:b012::f001:6444)  199.638 ms  201.754 ms
13  2620:107:4000:cfff::f21b:9a39 (2620:107:4000:cfff::f21b:9a39)  201.425 ms 2620:107:4000:cfff::f21b:9bb9 (2620:107:4000:cfff::f21b:9bb9)  205.625 ms 2620:107:4000:cfff::f21b:9ab9 (2620:107:4000:cfff::f21b:9ab9)  202.128 ms
14  2620:107:4000:b1d0::f001:6c04 (2620:107:4000:b1d0::f001:6c04)  197.368 ms 2620:107:4001:610::f008:9401 (2620:107:4001:610::f008:9401)  198.879 ms 2620:107:4001:610::f008:9403 (2620:107:4001:610::f008:9403)  199.075 ms
15  2620:107:4000:cfff::f210:7889 (2620:107:4000:cfff::f210:7889)  203.555 ms 2620:107:4000:cfff::f203:df49 (2620:107:4000:cfff::f203:df49)  203.482 ms 2620:107:4000:cfff::f21f:5109 (2620:107:4000:cfff::f21f:5109)  248.766 ms
16  * * 2620:107:4000:cfff::f3ff:e60 (2620:107:4000:cfff::f3ff:e60)  219.801 ms
17  * * *
18  2a01:578:0:4009:8000:0:6442:951 (2a01:578:0:4009:8000:0:6442:951)  213.065 ms * *
19  * 2a01:578:0:4009:8000:0:6441:2621 (2a01:578:0:4009:8000:0:6441:2621)  202.000 ms *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

I tried everything, changing DNSs, excluding everything the container created.

this is my compose only for the crowdsec, i have other services as well

  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    security_opt:
      - no-new-privileges=true
    environment:
      - USER=crowdsec
      - GID
      - COLLECTIONS
      - CUSTOM_HOSTNAME
      - TZ
    env_file:
      - .env
    expose:
      - 8080
    ports:
      - 6060:6060
    deploy:
      resources:
        limits:
          memory: 256M
    volumes:
      - ./crowdsec/config:/etc/crowdsec
      - ./crowdsec/database:/var/lib/crowdsec/data/
      # - /var/lib/docker/volumes/ssh/_data/logs/openssh/:/var/log/opensshd/:ro
      - ./traefik/logs:/var/log/traefik/:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    healthcheck:
      test: ["CMD", "cscli", "lapi", "status"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
    networks:
      traefik:
        ipv6_address: "2001:db8:2::3" # I only do this because if i dint't on the web gui would appear duplicates whenever i restart the container
        ipv4_address: "172.21.0.3"

doing capi register it gives me

Error: cscli capi register: api client register ('https://api.crowdsec.net/'): api register (https://api.crowdsec.net/): Post "https://api.crowdsec.net/v3/watchers": net/http: TLS handshake timeout

Can anyone help me?

pedrobuffon · May 29, 2026, 4:37pm

Adding

    driver_opts:
          com.docker.network.driver.mtu: 1300

to my docker networks seem to have fixed the issue

Topic		Replies	Views
After restarting the server, everything on it stopped working crowdsec	2	665	March 6, 2025
Unable to retrieve latest crowdsec version crowdsec	5	1727	May 28, 2024
Issues setting up crowdsec on docker with traefik crowdsec	2	1257	August 1, 2025
I feel I made something wrong crowdsec	2	685	August 2, 2024
Error message from crowdsec	2	212	December 27, 2024

TLS handshake timeout to https://api.crowdsec.net/

Related topics